Ability to retrieve Principal ID
In my ARM template I am provisioning Key Vault and I need the user that is deploying the ARM template to be added as a Principal.
Since there is currently no way to retrieve the Principal ID from the ARM template we currently have to add the Principal manually.
I would rather automate this step by getting the Principal Id similar to how we can get the subscription ID (subscription().subscriptionId). Something like principal().principalId
Noel Bundick commented
reference() works great for items that have an identity property. Unfortunately, AFAIK, there's nothing that represents the identity of the current user.
What I'd like to see is an identity property added to deployment() that contains the tenantId/objectId (and ideally username/appId) of the user or Service Principal that created the ARM deployment.
This would not only solve for "I want to add myself to the Key Vault access policies", but also help enable other much-requested scenarios - like tagging resources with the user who created them.
Seems possible with reference.
"objectId": "[reference(concat('Microsoft.Compute/virtualMachines/', variables('vmName')), '2017-03-30', 'Full').identity.principalId]"
Andres Nava commented
This idea comes from a recommendation by a MSFT individual to submit the idea based on a question on StackOverflow: https://stackoverflow.com/questions/44766476/get-principalid-when-deploying-arm-template
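Added example, not part of any commenter's post: a Key Vault resource whose access policies combine the two approaches discussed in this thread, with the deploying user's object ID passed in as a parameter (the manual step) and a VM identity resolved with reference(..., 'Full'). The parameter names, the Key Vault API version and the permission lists are assumptions. The VM is assumed to already exist in the same resource group with a system-assigned identity.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vaultName": {
      "type": "string",
      "metadata": { "description": "Assumed name for this example." }
    },
    "vmName": {
      "type": "string",
      "metadata": { "description": "Existing VM with a system-assigned identity (assumed)." }
    },
    "deployerObjectId": {
      "type": "string",
      "metadata": { "description": "Object ID of the deploying user or service principal; supplied by the caller because the template cannot look it up." }
    }
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2016-10-01",
      "name": "[parameters('vaultName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "tenantId": "[subscription().tenantId]",
        "sku": { "family": "A", "name": "standard" },
        "accessPolicies": [
          {
            "tenantId": "[subscription().tenantId]",
            "objectId": "[parameters('deployerObjectId')]",
            "permissions": { "secrets": [ "get", "list", "set" ] }
          },
          {
            "tenantId": "[subscription().tenantId]",
            "objectId": "[reference(concat('Microsoft.Compute/virtualMachines/', parameters('vmName')), '2017-03-30', 'Full').identity.principalId]",
            "permissions": { "secrets": [ "get" ] }
          }
        ]
      }
    }
  ]
}
```

The VM identity is granted only "get" on secrets, so a compromised workload cannot enumerate or overwrite vault contents; the deployer entry is the one place where the caller-supplied object ID needs review before deployment.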